Open shanecurran opened 3 years ago
Hey @shanecurran. Thanks for the great questions, and awesome to hear that you like Deno Deploy!
We are confident that the sandboxing present in Deno Deploy is strong enough to mitigate timing based side-channel attacks. Our sandboxing has multiple layers, consisting of more than just the isolation that separate V8 isolates provide. In addition to the strong sandboxing, high accuracy high precision timers are not provided directly by the platform - the `setTimeout` and `setInterval` timers are restricted to 4ms accuracy, and `new Date` and `performance.now` are restricted to 1ms / 2ms accuracy.
We are confident that our infrastructure is not vulnerable to currently known timing based side-channel attacks that would exfiltrate customer data, even if high precision timers were available. To the best of my knowledge, the per-customer isolation we provide meets or exceeds that of Cloudflare Workers.
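The reply above describes one concrete mitigation, coarsening the timers a function can observe. The following is an added example, not Deno Deploy's own code, showing how such coarsening is typically applied to a clock and how a practitioner can measure a clock's effective resolution to verify a claim like "`performance.now` is restricted to 1ms / 2ms". The function names (`coarsen`, `makeCoarseClock`, `measureResolution`, `makeFakeClock`) are hypothetical, and the fake clock is a constructed input so the block runs deterministically offline; on a real runtime the `performance.now` line reports whatever resolution that runtime actually exposes.

```javascript
// Added example (not Deno Deploy's code): quantize a clock to a fixed
// granularity, and measure a clock's effective resolution, to check claims
// such as "performance.now is restricted to 1ms / 2ms accuracy".

// Round a time value in milliseconds down to a multiple of granularityMs.
function coarsen(ms, granularityMs) {
  if (!(granularityMs > 0)) throw new RangeError("granularityMs must be > 0");
  return Math.floor(ms / granularityMs) * granularityMs;
}

// Wrap an arbitrary clock function so callers only ever see coarsened values.
// This is the shape of a platform-side restriction: the underlying clock may
// be precise, but the value handed to sandboxed code is not.
function makeCoarseClock(clock, granularityMs) {
  return () => coarsen(clock(), granularityMs);
}

// Smallest positive difference between consecutive readings of `clock` over
// `samples` reads. Returns Infinity if the clock never advanced at all.
function measureResolution(clock, samples = 20000) {
  let best = Infinity;
  let prev = clock();
  for (let i = 0; i < samples; i++) {
    const t = clock();
    const d = t - prev;
    if (d > 0 && d < best) best = d;
    prev = t;
  }
  return best;
}

// Constructed deterministic clock for offline testing (hypothetical): advances
// by stepUs microseconds per read, standing in for a fast monotonic timer.
function makeFakeClock(stepUs) {
  let ticks = 0;
  return () => (ticks++ * stepUs) / 1000; // milliseconds
}

// Stand-alone demo: compare the raw fake clock with a 4ms coarse wrapper, and,
// where a real performance.now exists, measure its resolution on this runtime.
if (typeof performance !== "undefined" && typeof performance.now === "function") {
  console.log("performance.now resolution on this runtime (ms):",
    measureResolution(() => performance.now()));
}
console.log("fake 1us clock resolution (ms):", measureResolution(makeFakeClock(1)));
console.log("same clock behind 4ms coarsening (ms):",
  measureResolution(makeCoarseClock(makeFakeClock(1), 4)));
```

Quantization alone is a floor on what a single reading reveals; the reply's point is that it is combined with isolation layers, since a coarse clock can still be sharpened statistically by repeated sampling, which is why the comment says the platform does not rely on timer restriction by itself.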
Hi there! Big fan of Deno Deploy.
One of the things I was curious about—and I'm not sure this is a security vulnerability "in the wild" as such—is the presence of functioning timers within functions. It seems like each function is a separate V8 isolate, but that the native JS timing APIs work as normal (see here, source code here). I know these are hard to do in practicality, but this could potentially leave functions open to Spectre-like attacks (or timing side channel attacks in general).
Is more robust isolation on the roadmap? Or alternatively disabling timers as a quick fix? Cloudflare wrote a good post about why it was important to them here.
Thank you!